Introduction to the role

The Cyber Security Specialist acts as a regional focal point in the area of IT Security, responsible for the planning, development, project management, change management, and general operation of the service in APAC region. The Cyber Security Specialist interacts with Country IT Managers, Specialists, Analysts, Infrastructure and Application Owners, internal and external technical teams ensuring service in accordance with directives, guidelines, targets and expectations from global and regional IT stakeholders. The Cyber Security Specialist collaborates closely with various IT and business teams to communicate standards, foster awareness, and address current and emerging threats, integrating security seamlessly into every area of IT and working culture within Metso’s team and business. You will join a team of IT experts dedicated to cyber security field. We are working together on communicating standards, fostering awareness, and addressing current and emerging threats, integrating security seamlessly into every area of IT and working culture within Metso’s team and business.

Main Responsibilities

Manage the regional IT security in accordance with corporate directives, policies and guidelines. Act in line with the corporate strategy with focus on the integrity of IT services for the business. Collaborate with regional, global, and external multidisciplinary teams to maintain highest standard of security in the environment, identify and mitigate risks and threats to operational systems, contribute to the development of security improvements, plan and execute security related projects. Form part of the global Cyber Security team as a regional virtual team member, acting as a service representative for the product in the APAC region. Perform regular reporting of the security status in region to global and regional stakeholders. Implement practices and policies for cyber security and data protection by following various government and industry regulations. Communicate regional plans, demands and improvement areas to global teams for attention, planning and actions.  Raise recommendations for identified improvement areas to continuously develop and enhance the global service management. Engage with Country IT Managers, Specialists, Business Analysts, Application Owners, business stakeholders and others, to proactively communicate global directives, roadmaps and programs for awareness, local planning and alignment. Collaborate and support regional efforts and resources with implementation of global security initiatives and improvements in all areas including infrastructure, applications, IT services and awareness training. Participate in the evaluation and development of new and existing IT and OT solutions in region, provide guidance and support to ensure compliance with security and confidentiality of information in accordance with mandatory policies and regulations. Perform analysis of services and advise on best practices with system configuration and security. Coordinate and participate in IT disaster prevention and recovery planning as part of the disaster management and business continuity planning process. Respond to security incidents and compliance breaches in region.  Support analysis and investigations to ensure timely recovery and restoration of services. Document events and prepare detailed reports including identified causes, corrective actions, lessons learned. Be available after hours for on-call response to critical and major incidents, alerts, threats and investigations that may require remote meetings or on-site attendance to ensure prompt assessment, mitigation efforts, and recovery actions. Assist  IT Manager in all subsequent scope of work assigned or identified not limiting to the above role and responsibilities description

 

To Succeed

Essential

Minimum 7 years’ experience in related IT services. Degree in Information Technology or equivalent level of knowledge gained through combination of education, training and experience. Experience with application security management including configuration, access control, auditing and compliance. Experience in IT security including SIEM, network packet and log analysis, vulnerability scanning, virus defense, forensics, investigation and reporting. Experience in IT infrastructure management including networking, servers, cloud computing, end-user computing, and mobile devices. Leadership and experience in project management and IT services. Excellent verbal and written communication skills in English and Chinese. Demonstrated ability to work flexibly within tight time schedules and in accordance with variable workload demands, manage and prioritize tasks efficiently. Demonstrated stakeholder management skills in complex matrix environments. Knowledge of ITIL, SAFe Agile, LPM, PMI and processes. Solid skills in activity and resource planning, decision making and problem solving. Proactive attitude, critical analysis, ability to summarize communication.

 

Desirable

Sound understanding of networking protocols and ports, routing, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Proficiency with Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security, vulnerability scanning Hands-on experience analyzing high volumes of logs, network data (e.g. NetFlow, FPC), and other attack artifacts in support of incident investigations. Knowledge of architecture, engineering, and operations of an enterprise Security Information and Event Management (SIEM) platform. Sound knowledge of operating systems including Windows Professional, Windows Server, Hypervisors, and mobile devices. Report writing and documentation of security systems, configurations and incidents.